I Spent $500 To Test Devin AI For Prompt Injection So That You Don't Have To
Summary
Devin AI, a tool that acts as an AI software engineer, is vulnerable to prompt injection attacks (tricking an AI by hiding malicious instructions in its input) that can lead to full system compromise. By planting malicious instructions on websites or in GitHub issues that Devin reads, attackers can trick it into downloading and running malware, giving them remote control over Devin's DevBox (the sandboxed environment in which Devin operates) and access to any secrets stored there.
Original source: https://embracethered.com/blog/posts/2025/devin-i-spent-usd500-to-hack-devin/
First tracked: February 12, 2026 at 02:20 PM
Classified by LLM (prompt v3) · confidence: 92%